package de.gematik.test.tiger.proxy;

import de.gematik.rbellogger.modifier.RbelModificationDescription;
import de.gematik.rbellogger.renderer.RbelHtmlRenderer;
import de.gematik.test.tiger.common.config.tigerProxy.TigerProxyConfiguration;
import de.gematik.test.tiger.common.config.tigerProxy.TigerProxyType;
import de.gematik.test.tiger.common.config.tigerProxy.TigerRoute;
import de.gematik.test.tiger.common.pki.TigerPkiIdentity;
import de.gematik.test.tiger.exception.TigerProxyStartupException;
import de.gematik.test.tiger.proxy.client.TigerRemoteProxyClient;
import de.gematik.test.tiger.proxy.exceptions.TigerProxyConfigurationException;
import de.gematik.test.tiger.proxy.exceptions.TigerProxyRouteConflictException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apache.tomcat.util.buf.UriUtil;
import org.mockserver.client.MockServerClient;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.matchers.TimeToLive;
import org.mockserver.matchers.Times;
import org.mockserver.mock.Expectation;
import org.mockserver.model.ExpectationId;
import org.mockserver.model.HttpOverrideForwardedRequest;
import org.mockserver.model.HttpRequest;
import org.mockserver.model.HttpResponse;
import org.mockserver.netty.MockServer;
import org.mockserver.proxyconfiguration.ProxyConfiguration;
import org.mockserver.socket.tls.KeyAndCertificateFactory;
import org.mockserver.socket.tls.KeyAndCertificateFactoryFactory;
import org.mockserver.socket.tls.NettySslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gematik/test/tiger/proxy/TigerProxy.class */
public class TigerProxy extends AbstractTigerProxy {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TigerProxy.class);
    private final List<TigerKeyAndCertificateFactory> tlsFactories;
    private final List<Consumer<Throwable>> exceptionListeners;
    private final MockServer mockServer;
    private final MockServerClient mockServerClient;
    private final MockServerToRbelConverter mockServerToRbelConverter;
    private final Map<String, TigerRoute> tigerRouteMap;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/gematik/test/tiger/proxy/TigerProxy$TigerProxyTrustManagerBuildingException.class */
    public class TigerProxyTrustManagerBuildingException extends RuntimeException {
        public TigerProxyTrustManagerBuildingException(String str, Exception exc) {
            super(str, exc);
        }

        public TigerProxyTrustManagerBuildingException(String str) {
            super(str);
        }
    }

    public TigerProxy(TigerProxyConfiguration tigerProxyConfiguration) {
        super(tigerProxyConfiguration);
        this.tlsFactories = new ArrayList();
        this.exceptionListeners = new ArrayList();
        this.tigerRouteMap = new HashMap();
        KeyAndCertificateFactoryFactory.setCustomKeyAndCertificateFactorySupplier(buildKeyAndCertificateFactory());
        this.mockServerToRbelConverter = new MockServerToRbelConverter(getRbelLogger().getRbelConverter());
        ConfigurationProperties.useBouncyCastleForKeyAndCertificateGeneration(true);
        ConfigurationProperties.forwardProxyTLSX509CertificatesTrustManagerType("ANY");
        ConfigurationProperties.maxLogEntries(10);
        if (StringUtils.isNotEmpty(tigerProxyConfiguration.getProxyLogLevel())) {
            ConfigurationProperties.logLevel(tigerProxyConfiguration.getProxyLogLevel());
        }
        customizeSslSuitesIfApplicable(tigerProxyConfiguration);
        this.mockServer = (MockServer) convertProxyConfiguration().map(proxyConfiguration -> {
            return new MockServer(proxyConfiguration, tigerProxyConfiguration.getPortAsArray());
        }).orElseGet(() -> {
            return new MockServer(tigerProxyConfiguration.getPortAsArray());
        });
        log.info("Proxy started on port " + this.mockServer.getLocalPort());
        this.mockServerClient = new MockServerClient("localhost", this.mockServer.getLocalPort());
        if (tigerProxyConfiguration.getProxyRoutes() != null) {
            Iterator it = tigerProxyConfiguration.getProxyRoutes().iterator();
            while (it.hasNext()) {
                addRoute((TigerRoute) it.next());
            }
        }
        if (tigerProxyConfiguration.isActivateRbelEndpoint()) {
            addRbelTrafficEndpoint();
        }
        if (!tigerProxyConfiguration.isSkipTrafficEndpointsSubscription()) {
            subscribeToTrafficEndpoints(tigerProxyConfiguration);
        }
        if (tigerProxyConfiguration.getModifications() != null) {
            int i = 0;
            for (RbelModificationDescription rbelModificationDescription : tigerProxyConfiguration.getModifications()) {
                if (rbelModificationDescription.getName() == null) {
                    int i2 = i;
                    i++;
                    rbelModificationDescription.setName("TigerModification #" + i2);
                    getRbelLogger().getRbelModifier().addModification(rbelModificationDescription);
                } else {
                    getRbelLogger().getRbelModifier().addModification(rbelModificationDescription);
                }
            }
        }
        if (tigerProxyConfiguration.isActivateForwardAllLogging()) {
            this.mockServerClient.when(HttpRequest.request().withPath(".*"), Times.unlimited(), TimeToLive.unlimited(), Integer.MIN_VALUE).forward(httpRequest -> {
                return HttpOverrideForwardedRequest.forwardOverriddenRequest(httpRequest.withSocketAddress(httpRequest.isSecure(), httpRequest.socketAddressFromHostHeader().getHostName(), Integer.valueOf(httpRequest.socketAddressFromHostHeader().getPort()))).getHttpRequest();
            }, (httpRequest2, httpResponse) -> {
                try {
                    triggerListener(this.mockServerToRbelConverter.convertRequest(httpRequest2, httpRequest2.getSocketAddress().getScheme() + "://" + httpRequest2.getSocketAddress().getHost() + ":" + httpRequest2.getSocketAddress().getPort()));
                    triggerListener(this.mockServerToRbelConverter.convertResponse(httpResponse, httpRequest2.getSocketAddress().getScheme() + "://" + httpRequest2.getSocketAddress().getHost() + ":" + httpRequest2.getSocketAddress().getPort(), httpRequest2.getClientAddress()));
                    manageRbelBufferSize();
                } catch (Exception e) {
                    log.error("RBel FAILED!", e);
                }
                return httpResponse;
            });
        }
    }

    private void customizeSslSuitesIfApplicable(TigerProxyConfiguration tigerProxyConfiguration) {
        if (tigerProxyConfiguration.getTls().getServerSslSuites() != null) {
            NettySslContextFactory.sslServerContextBuilderCustomizer = sslContextBuilder -> {
                sslContextBuilder.ciphers(tigerProxyConfiguration.getTls().getServerSslSuites());
                return sslContextBuilder;
            };
        }
    }

    private BiFunction<MockServerLogger, Boolean, KeyAndCertificateFactory> buildKeyAndCertificateFactory() {
        if (getTigerProxyConfiguration().getTls().getServerIdentity() == null || getTigerProxyConfiguration().getTls().getServerIdentity().hasValidChainWithRootCa()) {
            return (mockServerLogger, bool) -> {
                if (!bool.booleanValue() && getTigerProxyConfiguration().getTls() != null && getTigerProxyConfiguration().getTls().getForwardMutualTlsIdentity() != null) {
                    return new TigerKeyAndCertificateFactory(mockServerLogger, null, getTigerProxyConfiguration().getTls().getForwardMutualTlsIdentity(), getTigerProxyConfiguration().getTls());
                }
                TigerKeyAndCertificateFactory tigerKeyAndCertificateFactory = new TigerKeyAndCertificateFactory(mockServerLogger, determineServerRootCa().orElse(null), getTigerProxyConfiguration().getTls().getServerIdentity(), getTigerProxyConfiguration().getTls());
                if (bool.booleanValue()) {
                    this.tlsFactories.add(tigerKeyAndCertificateFactory);
                }
                return tigerKeyAndCertificateFactory;
            };
        }
        throw new TigerProxyStartupException("Configured server-identity has no valid chain!");
    }

    private Optional<TigerPkiIdentity> determineServerRootCa() {
        return getTigerProxyConfiguration().getTls().getServerRootCa() != null ? Optional.ofNullable(getTigerProxyConfiguration().getTls().getServerRootCa()) : getTigerProxyConfiguration().getTls().getServerIdentity() != null ? Optional.empty() : Optional.of(new TigerPkiIdentity("CertificateAuthorityCertificate.pem;PKCS8CertificateAuthorityPrivateKey.pem;PKCS8"));
    }

    public void subscribeToTrafficEndpoints(TigerProxyConfiguration tigerProxyConfiguration) {
        Optional.of(tigerProxyConfiguration).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getTrafficEndpoints();
        }).ifPresent(this::subscribeToTrafficEndpoints);
    }

    public void subscribeToTrafficEndpoints(List<String> list) {
        Optional.of(list).filter((v0) -> {
            return Objects.nonNull(v0);
        }).stream().flatMap((v0) -> {
            return v0.stream();
        }).map(str -> {
            return new TigerRemoteProxyClient(str, new TigerProxyConfiguration());
        }).forEach(tigerRemoteProxyClient -> {
            tigerRemoteProxyClient.setRbelLogger(getRbelLogger());
            tigerRemoteProxyClient.addRbelMessageListener(this::triggerListener);
        });
    }

    private void addRbelTrafficEndpoint() {
        this.mockServerClient.when(HttpRequest.request().withHeader("Host", new String[]{"rbel"})).respond(HttpResponse.response().withHeader("content-type", new String[]{"text/html; charset=utf-8"}).withBody(new RbelHtmlRenderer().doRender(getRbelLogger().getMessageHistory())));
        this.mockServerClient.when(HttpRequest.request().withHeader("Host", (String[]) null).withPath("/rbel")).respond(httpRequest -> {
            return HttpResponse.response().withHeader("content-type", new String[]{"text/html; charset=utf-8"}).withBody(new RbelHtmlRenderer().doRender(getRbelLogger().getMessageHistory()));
        });
    }

    public ProxyConfiguration.Type toMockServerType(TigerProxyType tigerProxyType) {
        return tigerProxyType == TigerProxyType.HTTP ? ProxyConfiguration.Type.HTTP : ProxyConfiguration.Type.HTTPS;
    }

    private Optional<ProxyConfiguration> convertProxyConfiguration() {
        Optional<ProxyConfiguration> empty = Optional.empty();
        try {
            if (getTigerProxyConfiguration().getForwardToProxy() == null || StringUtils.isEmpty(getTigerProxyConfiguration().getForwardToProxy().getHostname())) {
                return empty;
            }
            if (getTigerProxyConfiguration().getForwardToProxy().getHostname() == null || !getTigerProxyConfiguration().getForwardToProxy().getHostname().equals("$SYSTEM")) {
                empty = Optional.of(ProxyConfiguration.proxyConfiguration((ProxyConfiguration.Type) Optional.ofNullable(getTigerProxyConfiguration().getForwardToProxy().getType()).map(this::toMockServerType).orElse(ProxyConfiguration.Type.HTTPS), getTigerProxyConfiguration().getForwardToProxy().getHostname() + ":" + getTigerProxyConfiguration().getForwardToProxy().getPort()));
            } else if (System.getProperty("http.proxyHost") != null) {
                empty = Optional.of(ProxyConfiguration.proxyConfiguration(ProxyConfiguration.Type.HTTP, System.getProperty("http.proxyHost") + ":" + System.getProperty("http.proxyPort")));
            } else if (System.getenv("http_proxy") != null) {
                empty = Optional.of(ProxyConfiguration.proxyConfiguration(ProxyConfiguration.Type.HTTP, System.getenv("http_proxy").split("://")[1]));
            }
            Optional<ProxyConfiguration> optional = empty;
            if (empty.isEmpty()) {
                log.info("Tigerproxy has NO forward proxy configured!");
            } else {
                log.info("Forward proxy is set to " + empty.get().getType() + "://" + empty.get().getProxyAddress().getHostName() + ":" + empty.get().getProxyAddress().getPort());
            }
            return optional;
        } finally {
            if (empty.isEmpty()) {
                log.info("Tigerproxy has NO forward proxy configured!");
            } else {
                log.info("Forward proxy is set to " + empty.get().getType() + "://" + empty.get().getProxyAddress().getHostName() + ":" + empty.get().getProxyAddress().getPort());
            }
        }
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public String getBaseUrl() {
        return "http://localhost:" + this.mockServer.getLocalPort();
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public int getPort() {
        return this.mockServer.getLocalPort();
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public List<TigerRoute> getRoutes() {
        return (List) this.tigerRouteMap.entrySet().stream().map((v0) -> {
            return v0.getValue();
        }).collect(Collectors.toList());
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public TigerRoute addRoute(TigerRoute tigerRoute) {
        this.tigerRouteMap.values().stream().filter(tigerRoute2 -> {
            return uriTwoIsBelowUriOne(tigerRoute2.getFrom(), tigerRoute.getFrom()) || uriTwoIsBelowUriOne(tigerRoute.getFrom(), tigerRoute2.getFrom());
        }).findAny().ifPresent(tigerRoute3 -> {
            throw new TigerProxyRouteConflictException(tigerRoute3);
        });
        log.info("adding route {} -> {}", tigerRoute.getFrom(), tigerRoute.getTo());
        Expectation[] buildRouteAndReturnExpectation = buildRouteAndReturnExpectation(tigerRoute);
        if (buildRouteAndReturnExpectation.length > 1) {
            log.warn("Unexpected number of expectations created! Got {}, expected 1", Integer.valueOf(buildRouteAndReturnExpectation.length));
        }
        if (buildRouteAndReturnExpectation.length == 0) {
            throw new TigerProxyConfigurationException("Error while adding route from '{}' to '{}': Got 0 new expectations");
        }
        TigerRoute withId = tigerRoute.withId(buildRouteAndReturnExpectation[0].getId());
        this.tigerRouteMap.put(buildRouteAndReturnExpectation[0].getId(), withId);
        log.info("Created route {} with expectation {}", withId, buildRouteAndReturnExpectation[0]);
        return withId;
    }

    private boolean uriEquals(String str, String str2) {
        try {
            return new URI(str).equals(new URI(str2));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    private boolean uriTwoIsBelowUriOne(String str, String str2) {
        try {
            URI build = new URIBuilder(str2).setScheme(new URI(str).getScheme()).build();
            return !new URI(str).relativize(build).equals(build);
        } catch (URISyntaxException e) {
            return false;
        }
    }

    private Expectation[] buildRouteAndReturnExpectation(TigerRoute tigerRoute) {
        return UriUtil.hasScheme(tigerRoute.getFrom()) ? buildForwardProxyRoute(tigerRoute) : buildReverseProxyRoute(tigerRoute);
    }

    private Expectation[] buildReverseProxyRoute(TigerRoute tigerRoute) {
        return this.mockServerClient.when(HttpRequest.request().withPath(tigerRoute.getFrom() + ".*")).forward(new ReverseProxyCallback(this, tigerRoute));
    }

    private Expectation[] buildForwardProxyRoute(TigerRoute tigerRoute) {
        return this.mockServerClient.when(HttpRequest.request().withHeader("Host", new String[]{tigerRoute.getFrom().split("://")[1]}).withSecure(Boolean.valueOf(tigerRoute.getFrom().startsWith("https://")))).forward(new ForwardProxyCallback(this, tigerRoute));
    }

    public void addAlternativeName(String str) {
        ArrayList arrayList = new ArrayList();
        if (getTigerProxyConfiguration().getTls() != null && getTigerProxyConfiguration().getTls().getAlternativeNames() != null) {
            arrayList.addAll(getTigerProxyConfiguration().getTls().getAlternativeNames());
        }
        arrayList.add(str);
        getTigerProxyConfiguration().getTls().setAlternativeNames(arrayList);
        for (TigerKeyAndCertificateFactory tigerKeyAndCertificateFactory : this.tlsFactories) {
            tigerKeyAndCertificateFactory.addAlternativeName(str);
            tigerKeyAndCertificateFactory.resetEeCertificate();
        }
    }

    public void manageRbelBufferSize() {
        while (rbelBufferIsExceedingMaxSize()) {
            log.info("Exceeded buffer size, dropping oldest message in history");
            getRbelLogger().getMessageHistory().remove(0);
        }
    }

    private boolean rbelBufferIsExceedingMaxSize() {
        long sum = getRbelLogger().getMessageHistory().stream().map((v0) -> {
            return v0.getRawContent();
        }).mapToLong(bArr -> {
            return bArr.length;
        }).sum();
        boolean z = sum > ((long) ((getTigerProxyConfiguration().getRbelBufferSizeInMb() * 1024) * 1024));
        if (z) {
            log.info("Buffersize is {} Mb which exceeds the limit of {} Mb", Long.valueOf(sum / 1026), Integer.valueOf(getTigerProxyConfiguration().getRbelBufferSizeInMb()));
        }
        return z;
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public void removeRoute(String str) {
        this.mockServerClient.clear(new ExpectationId().withId(str));
        log.info("Deleted route {}. Current # expectations {}", this.tigerRouteMap.remove(str), Integer.valueOf(this.mockServerClient.retrieveActiveExpectations(HttpRequest.request()).length));
    }

    public KeyStore buildTruststore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            TigerPkiIdentity orElseThrow = determineServerRootCa().or(() -> {
                return Optional.ofNullable(getTigerProxyConfiguration().getTls()).map((v0) -> {
                    return v0.getServerIdentity();
                }).filter((v0) -> {
                    return Objects.nonNull(v0);
                });
            }).orElseThrow(() -> {
                return new TigerProxyTrustManagerBuildingException("Unrecoverable state: Server-Identity null and Server-CA empty");
            });
            keyStore.setCertificateEntry("caCert", orElseThrow.getCertificate());
            int i = 0;
            Iterator it = orElseThrow.getCertificateChain().iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                keyStore.setCertificateEntry("chainCert" + i2, (X509Certificate) it.next());
            }
            return keyStore;
        } catch (Exception e) {
            throw new TigerProxyTrustManagerBuildingException("Error while building SSL-Context for tiger-proxy", e);
        }
    }

    public SSLContext buildSslContext() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(buildTruststore());
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        } catch (Exception e) {
            throw new TigerProxyTrustManagerBuildingException("Error while building SSL-Context for tiger-proxy", e);
        }
    }

    public void propagateException(Throwable th) {
        this.exceptionListeners.stream().forEach(consumer -> {
            consumer.accept(th);
        });
    }

    public void addNewExceptionConsumer(Consumer<Throwable> consumer) {
        this.exceptionListeners.add(consumer);
    }

    public void shutdown() {
        this.mockServerClient.stop();
        this.mockServer.stop();
    }

    @Generated
    public MockServerToRbelConverter getMockServerToRbelConverter() {
        return this.mockServerToRbelConverter;
    }
}
